Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Black Hat: "Five cyber phases of Russia's hybrid war"

The Cyberwire reported: "Victor Zhora, deputy chairman and chief digital transformation officer at Ukraine's State Service of Special Communication and Information Protection (SSSCIP) ...
Continue Reading

Australians Reporting Alarming Number of Losses to Vishing and Smishing Scams

We know that scam calls (aka vishing) and scam SMSs (aka smishing) are out of control, and for most unaware Australians, they continue to cause pain and suffering. According to the ...
Continue Reading

Record ¥3 bil stolen via phishing in Japan in 1st half of 2023

A record 2,322 scams in Japan to steal internet banking IDs and passwords have resulted in unauthorized money transfers totaling a record of around 3 billion yen ($21 million) in the ...
Continue Reading

Wordfence Becomes the Latest Brand to be Impersonated Putting 800 Million Sites at Risk

With its wide use and trusted state among Wordpress developers and website admins, a new campaign impersonating the website security brand could put hundreds of millions of websites at ...
Continue Reading

New PCI Password Requirements Could Be the Impetus for Credential Harvesting Scams

As the retirement countdown for the current version of PCI is now less than six months, a new standard for password length, complexity, and change frequency may create some risk.
Continue Reading

Scammers Exploit Twitter’s Transition to “X”

Scammers are taking advantage of Twitter’s rebranding to “X,” according to Stephanie Adlam at Gridinsoft. A phishing campaign is targeting Twitter Blue users by telling them they need to ...
Continue Reading

KnowBe4’s Interactive Phishing Analysis Center: Keep Your Finger On The Pulse

As a security awareness practitioner, keeping your pulse on industry - and geographical - benchmarking data and best practices is always a good way to measure your organization’s security ...
Continue Reading

Most Organizations Using Weak Multifactor Authentication

Most organizations are still using weak forms of multi-factor authentication (MFA), a survey by Nok Nok has found. These forms of MFA can be bypassed if an employee falls for a social ...
Continue Reading

5 Intriguing Ways AI Is Changing the Landscape of Cyber Attacks

In today's world, cybercriminals are learning to harness the power of AI. Cybersecurity professionals must be prepared for the current threats of zero days, insider threats, and supply ...
Continue Reading

[INFOGRAPHIC] Q2 2023 Top-Clicked Phishing Test Results Favor HR-Related Subjects

KnowBe4's latest reports on top-clicked phishing email subjects have been released for Q2 2023. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally ...
Continue Reading

GitHub Warns of Social Engineering Campaign Targeting Employees in the Technology Industry

A few weeks ago, GitHub posted on their blog a recent security alert that should have any organization in the tech industry worried.
Continue Reading

Fraud Masquerades as Anti-Fraud

Many of us have received a phone call or other notification from a credit card company telling us that they’ve detected suspicious activity on our card. Was it us? Did we just spend $500 ...
Continue Reading

Data Theft Extortion Attacks Rise 25 Percent in Just One Quarter and Take Top Attack Spot

A recap of Q2 from Cisco Talos’ incident response services provides insight into exactly what kinds of attacks are being seen in the field, and what kinds of attacks you need to be ...
Continue Reading

Vendor Email Compromise Attacks Use the Same Playbook for Multiple Attacks

Seeking very large paydays, Vendor Email Compromise (VEC) threat actors are finding out what works and repurposing their content and processes to increase chances of seeing a massive ...
Continue Reading

Phishing Attacks Continue to Use Attachments as HTML Files Containing Java Dominate

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack.
Continue Reading

[New Product] Supercharge Your Anti-Phishing Defense with KnowBe4’s PhishER Plus!

Staying one step ahead of cybercriminals is absolutely vital in today’s threat landscape. That's why we're thrilled to introduce PhishER Plus, a revolutionary product from KnowBe4 that ...
Continue Reading

WIRED: "This Disinformation Is Just For You."

WIRED just came out with an article that spells out the coming tsunami of highly targeted disinformation. here is a short summary and the article is highly recommended:
Continue Reading

New AI Bot FraudGPT Hits the Dark Web to Aid Advanced Cybercriminals

Assisting with the creation of spear phishing emails, cracking tools and verifying stolen credit cards, the existence of FraudGPT will only accelerate the frequency and efficiency of ...
Continue Reading

Russian Hackers Breached Government Agencies' MFA Using Microsoft Teams: Is Your Business Next?

Microsoft's recent blog post raised eyebrows through the cybersecurity community. State-backed hackers linked to Russia, known as APT29 or Cozy Bear, have executed “highly targeted” ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews